From c71a89dbf0a8d5c78b6bf15c2ee52e27ec9a4828 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Mon, 18 Dec 2023 13:12:43 +0000
Subject: [PATCH] Clean up EVP_PBE_CipherInit() a little

This is mostly stylistic cleanup, making the control flow a bit more
obvious. There's one user-visible change: we no longer go out of our
way to provide info about the unknown algorithm. The nid is enough.

ok joshua jsing
---
 lib/libcrypto/evp/evp_pbe.c | 43 ++++++++++++++++---------------------
 1 file changed, 18 insertions(+), 25 deletions(-)

diff --git a/lib/libcrypto/evp/evp_pbe.c b/lib/libcrypto/evp/evp_pbe.c
index 94658f87974..8553478bc4a 100644
--- a/lib/libcrypto/evp/evp_pbe.c
+++ b/lib/libcrypto/evp/evp_pbe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_pbe.c,v 1.33 2023/12/16 14:09:33 tb Exp $ */
+/* $OpenBSD: evp_pbe.c,v 1.34 2023/12/18 13:12:43 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -269,43 +269,35 @@ int
 EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
 {
-	const EVP_CIPHER *cipher;
-	const EVP_MD *md;
-	int cipher_nid, md_nid;
+	const EVP_CIPHER *cipher = NULL;
+	const EVP_MD *md = NULL;
+	int pbe_nid, cipher_nid, md_nid;
 	EVP_PBE_KEYGEN *keygen;
 
-	if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),
-	    &cipher_nid, &md_nid, &keygen)) {
-		char obj_tmp[80];
+	if ((pbe_nid = OBJ_obj2nid(pbe_obj)) == NID_undef) {
 		EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
-		if (!pbe_obj)
-			strlcpy(obj_tmp, "NULL", sizeof obj_tmp);
-		else
-			i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
-		ERR_asprintf_error_data("TYPE=%s", obj_tmp);
+		return 0;
+	}
+	if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, pbe_nid, &cipher_nid, &md_nid,
+	    &keygen)) {
+		EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM);
+		ERR_asprintf_error_data("NID=%d", pbe_nid);
 		return 0;
 	}
 
-	if (!pass)
+	if (pass == NULL)
 		passlen = 0;
-	else if (passlen == -1)
+	if (passlen == -1)
 		passlen = strlen(pass);
 
-	if (cipher_nid == -1)
-		cipher = NULL;
-	else {
-		cipher = EVP_get_cipherbynid(cipher_nid);
-		if (!cipher) {
+	if (cipher_nid != -1) {
+		if ((cipher = EVP_get_cipherbynid(cipher_nid)) == NULL) {
 			EVPerror(EVP_R_UNKNOWN_CIPHER);
 			return 0;
 		}
 	}
-
-	if (md_nid == -1)
-		md = NULL;
-	else {
-		md = EVP_get_digestbynid(md_nid);
-		if (!md) {
+	if (md_nid != -1) {
+		if ((md = EVP_get_digestbynid(md_nid)) == NULL) {
 			EVPerror(EVP_R_UNKNOWN_DIGEST);
 			return 0;
 		}
@@ -315,6 +307,7 @@ EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
 		EVPerror(EVP_R_KEYGEN_FAILURE);
 		return 0;
 	}
+
 	return 1;
 }
 
-- 
2.20.1